It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ACPW06EN’. The file has been seen being downloaded from blu185.afx.ms and multiple other hosts.
File name: acdseepro6intouch2.exe
MD5: 93b885adfe0da089cdf634904fd59f71
SHA-1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA-256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Scanner detections: 0 / 68
Status: Clean (as of last analysis); Whitelisted (by digital signature)
Analysis date: 11/15/2024 9:48:31 PM UTC (today)
File type: Executable application (Win64 EXE)
Common path: C:\Program Files\acd systems\acdsee pro\6.0\acdseepro6intouch2.exe
Startup File (All Users Run)
Registry location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Command: "C:\Program Files\acd systems\acdsee pro\6.0\acdseepro6intouch2.exe" \pid acpw06en
The file acdseepro6intouch2.exe has been discovered within the following programs.
ACDSee Pro is an image organizer, viewer, and RAW / image editor program for Microsoft Windows.
www.acdsee.com
9% remove it
List of Acronis True Image Home 2012 services and processes:
trueimage.exe - Program User Interface
schedhlp.exe - Monitors Schedule2 service and restarts it if needed
trueimagehomenotify.
www.acronis.com
20% remove it
Publisher's description - “Get ready for an entirely new RollerCoaster Tycoon experience… it’s wet, wild and totally soaked! For the first time, run your own water park — and ride all the rides — with this expansion to the smash hit RollerCoaster Tycoon 3.”
About 5% of users remove it
www.rtscreator.net
About 21% of users remove it
Publisher's description - “It's a whole new vision for backup. It’s the latest sync technologies. It’s cloud storage. It's a new True Image supporting new devices. And it's easy to try now — whether you're installing it for the first time, or upgrading from a previous version.”
6% remove it
Publisher's description - “True Image 2013 by Acronis protects your photos, documents, music, mail, programs, contacts, calendars, and more. It stores your content in a secure online location and syncs it with your devices. The newest sync technologies are here.”
7% remove it
The file acdseepro6intouch2.exe has been seen being distributed by the following 13 URLs.